58 files changed, 696 insertions, 143 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index daa963bc8..227eb209b 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -34,10 +34,10 @@ let ./Reaktor.nix ./realwallpaper.nix ./retiolum-bootstrap.nix - ./retiolum.nix ./rtorrent.nix ./secret.nix ./setuid.nix + ./tinc.nix ./tinc_graphs.nix ./urlwatch.nix ./repo-sync.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index ec5811d86..b86e05319 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -10,7 +10,7 @@ with import <stockholm/lib>; internet = { ip4.addr = "144.76.172.188"; aliases = [ - "dishfire.internet" + "dishfire.i" ]; ssh.port = 45621; }; @@ -42,7 +42,7 @@ with import <stockholm/lib>; internet = { ip4.addr = "104.233.79.118"; aliases = [ - "echelon.internet" + "echelon.i" ]; ssh.port = 45621; }; @@ -82,9 +82,8 @@ with import <stockholm/lib>; internet = { ip4.addr = "213.239.205.240"; aliases = [ - "prism.internet" + "prism.i" "paste.i" - "paste.internet" ]; ssh.port = 45621; }; @@ -132,7 +131,7 @@ with import <stockholm/lib>; internet = { ip4.addr = "104.167.113.104"; aliases = [ - "cloudkrebs.internet" + "cloudkrebs.i" ]; ssh.port = 45621; }; @@ -302,6 +301,27 @@ with import <stockholm/lib>; iso = { cores = 1; }; + sokrateslaptop = { + nets = { + retiolum = { + ip4.addr = "10.243.142.104"; + ip6.addr = "42:f8a1:044d:0f75:9d73:56d8:f432:c6cc"; + aliases = [ + "sokrateslaptop.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2 + t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ + rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW + egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5 + aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V + VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; }; users = { lass = { 
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 650344981..33202d0ab 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -26,6 +26,31 @@ with import <stockholm/lib>; }; }; }; + studio = rec { + cores = 4; + ssh.privkey.path = <secrets/ssh_host_ed25519_key>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio"; + nets = { + retiolum = { + ip4.addr = "10.243.227.163"; + ip6.addr = "42:e23f:ae0e:ea25:72ff:4ab8:9bd9:38a6"; + aliases = [ + "studio.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAwAdSac8Oy5tPu7ejwojY5YqaNOfd7i0NToE+oaRJ1yxzmUpj8Fti + cGpcgBYhFXMVYoYfzLdkAlSYjWKAoShCq/ZEfIM67okXegXvL68zGksfXrmpdUuk + GCCy2/Ul5urvYEis9UeUpbe6tUxU0zXUWCkhMQgHeO2xQEizfIfWsUn5sYtFFoKI + jYbAcLbRtw+Islfih8G7ydPBh78WPGz6Xx79A5nmfI1VZDAToEqpqUoaqfzsTGd1 + 78GZssE3o4veTmBFvLV3Fm/ltfXpzhAIcsi89V3RjrzFM7UMD8aV153OAzhddxIu + 8x6FibmMSzBXQDFuAac2+kp9mU0F0W4G1wIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + fileleech = rec { cores = 4; ssh.privkey.path = <secrets/ssh_host_ed25519_key>; @@ -449,6 +474,7 @@ with import <stockholm/lib>; nets = rec { internet = { ip4.addr = "188.68.40.19"; + ip6.addr = "2a03:4000:17:2df::1"; aliases = [ "gum.i" ]; diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/tinc.nix index 0a3d7ed2f..8af15c13b 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/tinc.nix 
@@ -17,6 +17,27 @@ let in { enable = mkEnableOption "krebs.tinc.${netname}" // { default = true; }; + enableLegacy = mkEnableOption "/etc/tinc/${netname}"; + + confDir = mkOption { + type = types.package; + default = pkgs.linkFarm "${netname}-etc-tinc" + (mapAttrsToList (name: path: { inherit name path; }) { + "hosts" = tinc.config.hostsPackage; + "tinc.conf" = pkgs.writeText "${netname}-tinc.conf" '' + Name = ${tinc.config.host.name} + Interface = ${netname} + ${concatMapStrings (c: "ConnectTo = ${c}\n") tinc.config.connectTo} + PrivateKeyFile = ${tinc.config.privkey.path} + Port = ${toString tinc.config.host.nets.${netname}.tinc.port} + ${tinc.config.extraConfig} + ''; + "tinc-up" = pkgs.writeDash "${netname}-tinc-up" '' + ${tinc.config.iproutePackage}/sbin/ip link set ${netname} up + ${tinc.config.tincUp} + ''; + }); + }; host = mkOption { type = types.host; @@ -175,29 +196,16 @@ let } ) config.krebs.tinc; + environment.etc = mapAttrs' (netname: cfg: + nameValuePair "tinc/${netname}" (mkIf cfg.enableLegacy { + source = cfg.confDir; + }) + ) config.krebs.tinc; + systemd.services = mapAttrs (netname: cfg: let tinc = cfg.tincPackage; iproute = cfg.iproutePackage; - - confDir = let - namePathPair = name: path: { inherit name path; }; - in pkgs.linkFarm "${netname}-etc-tinc" (mapAttrsToList namePathPair { - "hosts" = cfg.hostsPackage; - "tinc.conf" = pkgs.writeText "${cfg.netname}-tinc.conf" '' - Name = ${cfg.host.name} - Interface = ${netname} - ${concatStrings (map (c: "ConnectTo = ${c}\n") cfg.connectTo)} - PrivateKeyFile = ${cfg.privkey.path} - Port = ${toString cfg.host.nets.${cfg.netname}.tinc.port} - ${cfg.extraConfig} - ''; - "tinc-up" = pkgs.writeDash "${netname}-tinc-up" '' - ${iproute}/sbin/ip link set ${netname} up - ${cfg.tincUp} - ''; - } - ); in { description = "Tinc daemon for ${netname}"; after = [ "network.target" ]; 
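Review bot: The new `confDir` option in the first tinc.nix hunk has no `description`, and nothing tells a user that its default is built with `pkgs.writeText` and `pkgs.writeDash`, so whatever is put in `extraConfig` and `tincUp` lands in the Nix store, which every local user can read; with `enableLegacy` the same files are also linked under `/etc/tinc/${netname}`. I would add `description = "Generated tinc configuration directory (hosts, tinc.conf, tinc-up); lives in the Nix store, so keep secrets out of extraConfig and tincUp.";`. Only the path of the private key is interpolated (`PrivateKeyFile = ${tinc.config.privkey.path}`), which is fine as long as `privkey.path` is a plain string and not a Nix path that would be copied into the store; that cannot be confirmed from this hunk. The option set starts before the hunk.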
@@ -206,7 +214,7 @@ let path = [ tinc iproute ]; serviceConfig = rec { Restart = "always"; - ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid"; + ExecStart = "${tinc}/sbin/tincd -c ${cfg.confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid"; SyslogIdentifier = netname; }; } diff --git a/krebs/5pkgs/Reaktor/scripts/sed-plugin.py b/krebs/5pkgs/Reaktor/scripts/sed-plugin.py index 22b48e59d..da8e2f726 100644 --- a/krebs/5pkgs/Reaktor/scripts/sed-plugin.py +++ b/krebs/5pkgs/Reaktor/scripts/sed-plugin.py @@ -3,15 +3,17 @@ # Usage: # _from=krebs state_dir=. python sed-plugin.py 'dick butt' # _from=krebs state_dir=. python sed-plugin.py 's/t/l/g' -## dick bull +# > dick bull import shelve from os import environ from os.path import join from sys import argv -d = shelve.open(join(environ['state_dir'],'sed-plugin.shelve'),writeback=True) -usr = environ['_from'] import re +d = shelve.open(join(environ['state_dir'], 'sed-plugin.shelve'), writeback=True) +usr = environ['_from'] + + def is_regex(line): myre = re.compile(r'^s/(?:\\/|[^/])+/(?:\\/|[^/])*/[ig]?$') return myre.match(line) @@ -19,15 +21,15 @@ def is_regex(line): line = argv[1] if is_regex(line): - last = d.get(usr,None) + last = d.get(usr, None) if last: - from subprocess import Popen,PIPE - p = Popen(['sed',line],stdin=PIPE,stdout=PIPE) - so,se = p.communicate(bytes("{}\n".format(last),"UTF-8")) + from subprocess import Popen, PIPE + p = Popen(['sed', line], stdin=PIPE, stdout=PIPE) + so, se = p.communicate(bytes("{}\n".format(last), "UTF-8")) if p.returncode: print("something went wrong when trying to process your regex: {}".format(se.decode())) ret = so.decode() - print("\x1b[1m{}\x1b[0m meinte: {}".format(usr,ret.strip())) + print("\x1b[1m{}\x1b[0m meant: {}".format(usr, ret.strip())) if ret: d[usr] = ret 
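Review bot: In the second sed-plugin.py hunk the error branch calls `se.decode()`, but `Popen(['sed', line], stdin=PIPE, stdout=PIPE)` does not capture stderr, so `se` is None and a failing expression raises AttributeError instead of printing the message; add `stderr=PIPE` to the call. `line` appears to come from a chat user (`_from`) and is handed to sed as a script, so I would also pass `--sandbox` when the sed on the path is GNU sed 4.3 or later, `Popen(['sed', '--sandbox', line], ...)`, so that the filter does not rest on the `is_regex` pattern alone. The script continues outside the hunk.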
diff --git a/krebs/5pkgs/goify/default.nix b/krebs/5pkgs/goify/default.nix index e2849b5c7..9c44aaeeb 100644 --- a/krebs/5pkgs/goify/default.nix +++ b/krebs/5pkgs/goify/default.nix @@ -1,17 +1,18 @@ { pkgs, ... }: -pkgs.writeDashBin "goify" '' +pkgs.writeBashBin "goify" '' set -euf GO_HOST=''${GO_HOST:-go} while read line; do - echo "$line" | sed -E 's|https?://\S*|\n&\n|g' | while read word; do - if echo "$word" | grep -Eq ^https?:; then - ${pkgs.curl}/bin/curl -Ss -F uri="$word" http://"$GO_HOST" | tr -d '\r' + echo "$line" | sed 's|https\?://\S*|\n&\n|g' | while read word; do + if echo "$word" | grep -q '^https\?:'; then + ${pkgs.curl}/bin/curl -Ss -F uri="$word" http://"$GO_HOST" \ + | tr -d '\r' else - echo "$word"; - fi; - done | sed '/^$/d' | tr '\n' ' '; echo; + echo "$word" + fi + done | grep . | tr '\n' ' '; echo done '' diff --git a/krebs/5pkgs/haskell-overrides/news.nix b/krebs/5pkgs/haskell-overrides/news.nix new file mode 100644 index 000000000..ba5e7a5e1 --- /dev/null +++ b/krebs/5pkgs/haskell-overrides/news.nix @@ -0,0 +1,18 @@ +{ mkDerivation, base, bloomfilter, bytestring, feed, fetchgit, lens +, stdenv, wreq +}: +mkDerivation { + pname = "news"; + version = "1.0.0"; + src = fetchgit { + url = "http://cgit.lassul.us/news"; + sha256 = "1n3ffr2a5irr5aly0y7qsafag3kxvyyh077ayk0vdwbd0s9hvnjs"; + rev = "c3eb2c0a1a34fc41e18d0bc99b1c4dc73aa6eb20"; + }; + isLibrary = false; + isExecutable = true; + executableHaskellDepends = [ + base bloomfilter bytestring feed lens wreq + ]; + license = stdenv.lib.licenses.mit; +} diff --git a/krebs/5pkgs/weechat/default.nix b/krebs/5pkgs/weechat/default.nix index f5dc6a8d4..c703ca8bf 100644 --- a/krebs/5pkgs/weechat/default.nix +++ b/krebs/5pkgs/weechat/default.nix 
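Review bot: `curl -Ss -F uri="$word"` in the goify hunk lets curl parse the value, so a URL that contains `;type=` or `;filename=` is split into form-part attributes instead of being sent verbatim; `--form-string uri="$word"` sends the text literally. Both `read` calls also lack `-r`, so backslashes in the input are consumed before the URL reaches the shortener: `while read -r line; do` and `while read -r word; do`.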
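Review bot: `url = "http://cgit.lassul.us/news"` in the new news.nix fetches the source over cleartext HTTP. The pinned `rev` and `sha256` mean a modified response fails the build rather than being used, so this is a privacy and availability concern more than an integrity hole. If the cgit host serves HTTPS, prefer `url = "https://cgit.lassul.us/news";`.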
@@ -21,12 +21,12 @@ let in stdenv.mkDerivation rec { - version = "1.7.1"; + version = "1.8"; name = "weechat-${version}"; src = fetchurl { url = "http://weechat.org/files/src/weechat-${version}.tar.bz2"; - sha256 = "1020m1lsm8lg9n0dlxgp2wbn9b0r11g8r0namnzi2x6gvxn7iyf0"; + sha256 = "10km0437lg9ms6f16h20s89l2w9f9g597rykybxb16s95ql48z08"; }; outputs = [ "out" "doc" ]; diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 298c9083d..99760dfdb 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -48,6 +48,7 @@ with import <stockholm/lib>; maven arandr libreoffice + mpv ]; } #{ diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix index 99399550c..30fc674bc 100644 --- a/lass/1systems/iso.nix +++ b/lass/1systems/iso.nix @@ -7,7 +7,6 @@ with import <stockholm/lib>; ../../krebs ../3modules ../5pkgs - ../2configs/binary-cache/client.nix ../2configs/mc.nix ../2configs/nixpkgs.nix ../2configs/vim.nix diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index c897ab655..01cfe5414 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -256,7 +256,7 @@ in { { krebs.Reaktor.coders = { nickname = "Reaktor|lass"; - channels = [ "#coders" ]; + channels = [ "#coders" "#germany" ]; extraEnviron = { REAKTOR_HOST = "irc.hackint.org"; }; diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 7b38e44c6..62b823c3f 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -92,7 +92,6 @@ in { nixshell = [ "nix-shell", "-I", "stockholm=.", - "-I", "nixpkgs=/var/src/nixpkgs", "-p" ] + deps + [ "--run" ] 
@@ -107,11 +106,9 @@ in { for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]: addShell(f,name="build-{}".format(i),env=env_shared, command=nixshell + \ - ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ - make \ - test \ - target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ - method=build \ + ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ + make NIX_PATH=$HOME/$LOGNAME test method=build \ + target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \ system={}".format(i) ] ) @@ -119,11 +116,9 @@ in { for i in [ "mors", "uriel", "shodan", "helios", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]: addShell(f,name="build-{}".format(i),env=env_lass, command=nixshell + \ - ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ - make \ - test \ - target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ - method=build \ + ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ + make NIX_PATH=$HOME/$LOGNAME test method=build \ + target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \ system={}".format(i) ] ) @@ -131,11 +126,9 @@ in { for i in [ "x", "wry", "vbob", "wbob", "shoney" ]: addShell(f,name="build-{}".format(i),env=env_makefu, command=nixshell + \ - ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ - make \ - test \ - target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ - method=build \ + ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ + make NIX_PATH=$HOME/$LOGNAME test method=build \ + target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \ system={}".format(i) ] ) 
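Review bot: The rewritten command in the -107 hunk still joins the directory setup and the build with `;` (`touch $HOME/$LOGNAME/.populate; \`), so `make` runs even when `mkdir` or `touch` failed; ending that line with `.populate && \` would stop at the first failure. The SSH user in `target=` is now the literal `buildbotworker` while the path is still derived from `$LOGNAME`, so the two can disagree if the worker ever runs under another name. The same lines are repeated in the hunks at -119, -131 and -143, and the `;` also appears at -211; building the command string in one helper would keep the copies in step.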
@@ -143,11 +136,9 @@ in { for i in [ "hiawatha", "onondaga" ]: addShell(f,name="build-{}".format(i),env=env_nin, command=nixshell + \ - ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ - make \ - test \ - target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ - method=build \ + ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ + make NIX_PATH=$HOME/$LOGNAME test method=build \ + target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \ system={}".format(i) ] ) @@ -211,7 +202,7 @@ in { ]: addShell(f,name="build-{}".format(i),env=env_lass, command=nixshell + \ - ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ + ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ make system=prism pkgs.{}".format(i)]) bu.append(util.BuilderConfig(name="build-pkgs", @@ -255,7 +246,7 @@ in { options.lass.build-ssh-privkey = mkOption { type = types.secret-file; default = { - path = "${config.users.users.buildbotworker.home}/ssh.privkey"; + path = "${config.users.users.buildbotworker.home}/.ssh/id_rsa"; owner = { inherit (config.users.users.buildbotworker ) name uid;}; source-path = toString <secrets> + "/build.ssh.key"; }; 
@@ -263,16 +254,10 @@ in { config.krebs.secret.files = { build-ssh-privkey = config.lass.build-ssh-privkey; }; - config.users.users = { - build = { - name = "build"; - uid = genid "build"; - home = "/home/build"; - useDefaultShell = true; - createHome = true; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiV0Xn60aVLHC/jGJknlrcxSvKd/MVeh2tjBpxSBT3II9XQGZhID2Gdh84eAtoWyxGVFQx96zCHSuc7tfE2YP2LhXnwaxHTeDc8nlMsdww53lRkxihZIEV7QHc/3LRcFMkFyxdszeUfhWz8PbJGL2GYT+s6CqoPwwa68zF33U1wrMOAPsf/NdpSN4alsqmjFc2STBjnOd9dXNQn1VEJQqGLG3kR3WkCuwMcTLS5eu0KLwG4i89Twjy+TGp2QsF5K6pNE+ZepwaycRgfYzGcPTn5d6YQXBgcKgHMoSJsK8wqpr0+eFPCDiEA3HDnf76E4mX4t6/9QkMXCLmvs0IO/WP lass@mors" - ]; - }; + config.users.users.buildbotworker = { + useDefaultShell = true; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiV0Xn60aVLHC/jGJknlrcxSvKd/MVeh2tjBpxSBT3II9XQGZhID2Gdh84eAtoWyxGVFQx96zCHSuc7tfE2YP2LhXnwaxHTeDc8nlMsdww53lRkxihZIEV7QHc/3LRcFMkFyxdszeUfhWz8PbJGL2GYT+s6CqoPwwa68zF33U1wrMOAPsf/NdpSN4alsqmjFc2STBjnOd9dXNQn1VEJQqGLG3kR3WkCuwMcTLS5eu0KLwG4i89Twjy+TGp2QsF5K6pNE+ZepwaycRgfYzGcPTn5d6YQXBgcKgHMoSJsK8wqpr0+eFPCDiEA3HDnf76E4mX4t6/9QkMXCLmvs0IO/WP" + ]; }; } diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index e33514ee0..ffed5bb70 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -150,6 +150,7 @@ with import <stockholm/lib>; untilport usbutils logify + goify #unpack stuff p7zip diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 72866c067..5f686e26e 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -30,6 +30,10 @@ let rules = concatMap make-rules (attrValues repos); public-repos = mapAttrs make-public-repo { + news = { + cgit.desc = "take a rss feed and a timeout and print it to stdout"; + cgit.section = "software"; + }; stockholm = { cgit.desc = "take all the computers hostage, they'll love you!"; cgit.section = "configuration"; 
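Review bot: `config.users.users.buildbotworker` in the -263 hunk now gets `useDefaultShell = true` and an unrestricted `openssh.authorizedKeys.keys` entry, which makes the build service account an interactive SSH login on a host that also stores that account's private key at `.ssh/id_rsa` (hunk -255). If the key is only there so the worker can reach `buildbotworker@${config.krebs.build.host.name}` for the build target, prefix the entry with authorized_keys options such as `restrict` and a `from="<worker address>"` pattern so it cannot be used for a general shell from elsewhere. The trailing `lass@mors` comment was dropped from the key, so the entry no longer says whose key it is; whether it is the public half of `build.ssh.key` cannot be told from the hunk, and a comment stating that would help.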
diff --git a/lass/2configs/ircd.nix b/lass/2configs/ircd.nix index 4d2c134b6..b72e2b087 100644 --- a/lass/2configs/ircd.nix +++ b/lass/2configs/ircd.nix @@ -94,6 +94,8 @@ general { #maybe we want ident someday? disable_auth = yes; + throttle_duration = 1; + throttle_count = 1000; }; ''; }; diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix index d9c6274db..bb068e7a1 100644 --- a/lass/2configs/mpv.nix +++ b/lass/2configs/mpv.nix @@ -34,7 +34,7 @@ let down = moveToDir "Y" "./down"; in { - krebs.per-user.lass.packages = [ + environment.systemPackages = [ mpv ]; } diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix index d38af211f..070795d14 100644 --- a/lass/2configs/newsbot-js.nix +++ b/lass/2configs/newsbot-js.nix @@ -3,19 +3,17 @@ let newsfile = pkgs.writeTe |
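Review bot: `throttle_duration = 1; throttle_count = 1000;` in the ircd.nix hunk permits, as I read the ircd's throttle settings, up to 1000 connections from one address within a second, which in practice switches the reconnect throttle off on a server that already sets `disable_auth = yes`. If the aim is to let several local bots or a bouncer on one address reconnect freely, say so in a comment, e.g. `# throttle effectively off: many local clients share one address`, and consider exempting only those addresses instead of relaxing the limit for everyone. The `general` block starts before the hunk.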